Net Optics none manual In-line Monitoring of 10 Gigabit Links, IBypass Switch Method

Page 12

Director

In-line Monitoring of 10 Gigabit Links

To create an in-line link on a 10 Gigabit network segment, use and external iBypass Switch or network Tap. These two methods are explained in the following sections.

iBypass Switch Method

One method for creating a fail-safe, passive in-line 10 Gigabit network connection with Director is to use an external iBypass Switch, as shown in the following diagram.

10 Gbps	iBypass Switch
full duplex	ON

OFF

Router

A

2

B

1

	Director	Switch
	Director
A	B

www.netoptics.com

Purple arrows show trac ow in one direction

Monitoring tools

Figure 4: iBypass Switch method for 10 Gigabit in-line network connection

In this case, traffic flows from the router, into the iBypass Switch, down to the Director, through Director, back up to the iBypass Switch, and finally to the switch. It also travels in the opposite direction. If power is removed from Direc- tor or from the iBypass Switch, the iBypass Switch fails open, creating a passive connection that keeps traffic flowing between the router and the switch.

External Network Tap method

Another method for creating a fail-safe, passive in-line 10 Gigabit network connection with Director is to use an external network Tap, as shown in the following diagram.

10 Gbps	LC Fiber Tap

Router	10 Gbps

Switch

Director

A B

www.netoptics.com

Monitoring tools

Figure 5: External Tap method for 10 Gigabit in-line network connection

In this case, traffic flows from the router, through the external Tap, to the switch. The Tap is totally passive, with no power needed for its operation. Optical splitters send a portion of the link light to the Director for monitoring. The Tap produces two half-duplex data streams, so both of Director's 10 Gigabit ports are used to monitor full-duplex traffic. A 10 GigaBit Port Aggregator can be used instead of a Tap to send the full-duplex link traffic to a single Director 10 Gigabit port, assuming the aggregated full-duplex traffic is 10 Gbps or less.

8

*** Confidential - DO NOT Distribute ***

Image 12

Contents Smart Filtering Appliance Trademarks and Copyrights Contents Appendix a Appendix BAppendix C Filter parametersChapter Introduction Key Features Ease of UseMonitor port Filtering Passive, Secure TechnologyAbout this Guide DescriptionDirector Architecture Director internal architecture USB port Director ManagementTypical Application Network LinksMonitoring Tools IBypass Switch Method In-line Monitoring of 10 Gigabit LinksExternal Network Tap method Power LEDs Director Front PanelMonitor Port LEDs DNM / Network Port LEDsDirector Rear Panel XFPChapter Installing Director Plan the Installation Unpack and Inspect the Director deviceInstall Director Network Modules Install SFP and XFP Monitor port ModulesRack Mount the Director device Connect Power to Director Connect the local CLI InterfaceConnect the remote CLI Interface Baud Data bits No parity 1 stop bit No flow controlTip To connect the CLI for remote use over the Management portLog into the CLI To log into the CLIConfigure Director using the CLI Change Director User Name and PasswordTo change the user name and password To change the port mode Assign a New Manager IP AddressTo assign a new Manager IP address to Director Change Port ModesSave and Load Director Configurations Set the Current Date and TimeUsing the CLI Help Command To view CLI help informationUsing the CLI Command History Buffer Current config fileConnect Span Ports to Director To connect a Span portConnect Director With In-line Network Links To connect an in-line network linkConfigure a Matrix Switch connection in Director Check the InstallationConnect Monitoring Tools to Director Chapter Configuring Filters Using the CLI SyntaxEnter filter commit. The switch connection is activated Copy Traffic From Any Network Port to Any Monitor PortRegenerate Traffic to Any Set of Monitor Ports Lter add inports=n1.1 action=redir redirports=m.3-m.5Create Filters To create a filter that selects IPv4 packets by protocolCreate Complex Filters Logical and filter connectionView filters UDPWork with configurable 10 Gigabit ports Configurable 10 Gigabit XFP ports used as Network portsNetwork Port 11 XFP Port Understand filter interactions CAMFlow diagram now looks as follows Exclusive filters N1.1 ipproto=UDP action=drop N1.1 m.1To change the Director filter configuration Understand pending and active filtersEnter filter list to view the pending filter list User interactions Filter capacityDaisy-chaining Multiple Director Chassis Appendix a Director Specifications Specifications, chassisSpecifications, DNM EnvironmentalCertifications Available ModelsAppendix B Command Line Interface Command Sub-Command Parameters Example and descriptionCommand may include Filter add and filter ins commandsFilter add ipv6=n inports=n1.1-n1.3 ip Src=10.1.1.1 action=dropLoad myconfiguration-1 Filter listFilter running Filter syncSave myconfiguration-1 Show myconfiguration-1Passwd PingSysip commit Sysip ipaddr=192.168.1.2 netmask=255.255.0.0Sysip show TimeThis This command is only available at root level Command User showUser add name=bob pw=bob-pw priv=3 Is onlyFilter parameters Director Filter Parameters Qual Value Example DescriptionAppendix C Protocol Numbers Num Keyword ProtocolMobile L2TP Limitations on Warranty and Liability By Net Optics, Inc. All Rights Reserved